FAR EASTERN UNIVERSITY

Vision
Guided by the core values of Fortitude, Excellence and Uprightness, Far Eastern University aims to be a university of choice in Asia

Mission
Committed to the highest intellectual, moral and cultural standards, it strives to produce principled and competent graduates. It nurtures a service-oriented and environment conscious
community which seeks to contribute to the advancement of the global society.

Quality Policy
Far Eastern University is committed to providing quality educational services. Each person is expected to do the job right the first time with the intention of consistently satisfying the
requirement of our students, other members of FEU community, and external parties. Under any given circumstances we shall adhere to all the requirements and standards for continuous
improvement and effectiveness of the quality management systems.

INSTITUTE OF ACCOUNTS, BUSINESS AND FINANCE

Vision
Far Eastern University – Institute of Accounts, Business and Finance (IABF) envisions itself to be the preferred business school in Asia.

Mission
The Institute of Accounts, Business and Finance is committed to produce principled and competent business graduates, espousing Fortitude, Excellence and Uprightness. IABF will promote
community engaged, service-oriented individuals who will shape and build strong organization in the future.

DEPARTMENT OF ACCOUNTANCY

Vision
Guided by the core values (Fortitude, Excellence and Uprightness) of a true-blooded Tamaraw, the Accountancy Program of FEU– IABF envisions itself as a Center of Excellence in
Accountancy Education.

Mission
It commits to develop future responsible accounting professionals through holistic accountancy curriculum, extensive and innovative delivery of instruction, competent and highly qualified
faculty, state-of-the-art facilities, industry and community-based researches, practical-based student apprenticeship program and extensive community.
Course Title: Auditing in CIS Environment
Course Code : ACT1208/AUDCIS
Credits : Three (3) units
Prerequisite : ACT1111
Course Description : This course is intended to provide understanding of the IT audit profession, emphasizing on how IT audit provides organizations and auditors the
ability to effectively assess financial information’s validity, reliability, and security. Emphasizing on essential principles, knowledge, and skills on how
to control and assess IT systems; legislation relevant to IT auditors and its impact on the IT field; and significance of tools and computer-assisted audit
techniques (CAATs) when performing audit work. At the end of the course, students are expected to be prepared for the global examination of
Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA).

Program Expected Learning Outcomes (PELO):

A graduate of the BS Internal Auditing program is expected to achieve the following learning outcomes:
1. Resolve business issues and problems, with a global and strategic perspective using knowledge and technical proficiency in the areas of internal auditing, financial
accounting and reporting, cost accounting and management, management accounting and control, taxation, law and accounting/auditing information systems with
integrity, objectivity and competence;
2. Prepare financial statements and other-related reports in accordance with applicable accounting and auditing standards, taxation and business laws.
3. Conduct internal auditing research through independent studies of relevant literature and appropriate use of internal auditing theory and methodologies.
4. Develop a strategic business plan using the management concepts and principles holistically.
5. Employ technology as a business tool in capturing financial and non-financial information, generating reports and making decisions
6. Interpret the business environment through various financial and management analysis.
7. Evaluate accounting-related topics and contemporary issues through written inquiry and investigation.
8. Apply relevant auditing standards to financial statements audit for reliable communication of results to stakeholders.
9. Confidently maintain a commitment to good corporate citizenship, social responsibility and ethical practice in performing functions as an internal auditor.
10. Prepare income tax returns and other business documents in compliance with regulatory requirements.
11. Apply knowledge and skills that will successfully respond to various types of assessments (including professional licensure and certifications.
12. Demonstrate leadership and interpersonal skills through collaborative work.
13. Communicate effectively in a variety of domain including writing, speaking, listening and reading in the context of accounting and business.
14. Adapt to changing environment by responding positively to challenges.
15. Manifest the FEU core values – Fortitude, Excellence and Uprightness.
Course Expected Learning Outcomes (CELO):
Upon completion of the course, the students are expected to:
1. Build an understanding of the essential principles, knowledge, and skills on how to control and assess IT systems that will prepare the students for a successful
career in the public practice, private industry, or government.
2. Build an understanding of the IT audit profession, emphasizing on how IT audit provides organizations and auditors the ability to effectively assess financial
information’s validity, reliability, and security.
3. Learn to describe legislation relevant to IT auditors and its impact on the IT field.
4. Learn to demonstrate the significance of aligning IT plans, objectives, and strategies with the business (i.e., IT governance).
5. Understand the role and significance of tools and computer-assisted audit techniques (CAATs) when performing audit work and to design audit plans that ensure
adequate use of tools and technologies when delivering audit work.
6. Understand the risks associated with information security and common types of application systems, as well as application controls and how they are used to
safeguard the input, processing, and output of information.
7. Understand the IT auditor’s involvement in an examination of application systems and the development of relevant and practical documentation to perform IT
audit work.
8. Understand the importance of protecting information against security threats and risks and implement effective information security policies, procedures, and
controls to ensure the integrity of such information and the involvement of IT auditors in such.

Program Expected Learning

Course Expected Learning Outcomes (CELO) Outcomes (PELO)
CELO 1 Build an understanding of the essential principles, knowledge, and skills on how to control and assess IT systems that will 1, 3, 4, 5, 6, 9, 11, 14, 15
prepare the students for a successful career in the public practice, private industry, or government
CELO 2 Build an understanding of the IT audit profession, emphasizing on how IT audit provides organizations and auditors the 1, 3, 4, 5, 6, 9, 11, 14, 15
ability to effectively assess financial information’s validity, reliability, and security
CELO 3 Learn to describe legislation relevant to IT auditors and its impact on the IT field. 1, 3, 5, 9, 10, 11, 12, 14, 15
CELO 4 Learn to demonstrate the significance of aligning IT plans, objectives, and strategies with the business (i.e., IT governance) 1, 3, 4, 5, 6, 9, 11, 12, 14, 15
CELO 5 Understand the role and significance of tools and computer-assisted audit techniques (CAATs) when performing audit work 1, 3, 5, 9, 11, 12, 13, 14, 15
and to design audit plans that ensure adequate use of tools and technologies when delivering audit work
CELO 6 Understand the risks associated with information security and common types of application systems, as well as application 1, 3, 4, 5, 6, 9, 11, 12, 13, 14, 15
controls and how they are used to safeguard the input, processing, and output of information
CELO 7 Understand the IT auditor’s involvement in an examination of application systems and the development of relevant and 1, 3, 4, 5, 6, 9, 11, 12, 13, 14, 15
practical documentation to perform IT audit work.
CELO 8 Understand the importance of protecting information against security threats and risks and implement effective information 1, 3, 4, 5, 6, 9, 1, 12, 13, 14, 15
security policies, procedures, and controls to ensure the integrity of such information and the involvement of IT auditors in
such.
COURSE MAP
Time Learning Content Learning Outcomes Strategy / Methodology Student Output Evaluation /
Frame- / Activities Assessment
Week
1 1. Introduction: Meet the 1. To make the students understand the learning [CP1] Introduce self Self-introduction and No
teacher and outcomes of the course, the rules and routines of and tell class expectations post in Forum assessment
classmates the class and other guidelines in online learning. expectations
2. Course learning
outcomes discussion Read and discuss “Ace
3. Discuss rules and the Case” Study Guide
routines and
guidelines in online
learning
1-3 Module 1. Information 1. Discuss how technology is constantly evolving and Discussion on learning Read lesson and answer [PQ1]
Technology Environment shaping today's business (IT) environments. content review questions Formative
and IT Audit 2. Explain what IT auditing is and summarize its two Pre-quiz 1
1. IT Environment broad groupings. Introduce StellenTek [CP2] Listen and react to
2. IT Auditing 3. Describe current IT auditing trends and identify the Case Study and podcast: The Future of IT [QZ1]
3. IT Auditing Trends needs to have an IT audit. Resources Audit Formative
4. Role of the IT Auditor 4. Explain the various roles of the IT auditor. Quiz 1
5. IT Audit Profession 5. Support why IT audit is considered a profession. [CP3] Listen and react to
6. Describe the profile of an IT auditor in terms of podcast: Addressing the
experience and skills required. Challenges Facing IT
7. Discuss career opportunities available to IT auditors Auditors

[CS1] Start the StellenTek

Case Study
4-6 Module 2. Legislation 1. Discuss IT crimes and explain the three main Discussion on learning Watch “The Enron [PQ2]
Relevant to Information categories of crimes involving computers. content Scandal”, Background for Formative
Technology 2. Define cyber attack, and illustrate recent major the Sarbanes Oxley Act of Pre-quiz 2
1. IT Crimes and cyber attacks conducted in the U.S. and the Continue StellenTek 2002
Cyberattacks Philippines. Case Study and [QZ2]
2. Sarbanes-Oxley Act of 3. Summarize the Sarbanes-Oxley Act of 2002 financial Resources Formative
2002 integrity legislation. Quiz 2
 Time Learning Content Learning Outcomes Strategy / Methodology Student Output Evaluation /
Frame- / Activities Assessment
Week
3. US Security Legislation 4. Describe and discuss financial security legislation [CP4] Listen and react to
4. Privacy Legislation relevant to IT auditors. the podcast: The Mother of
5. International Privacy 5. Describe and discuss privacy-related legislation All Breaches
Laws relevant to IT auditors
6. Philippine Laws related 6. Discuss Philippine laws relevant and international [CP5] Listen and react to
to Cyber and privacy laws to IT auditors the podcast: Privacy
Information Security 7. Describe and discuss ethical issues and code of Expectations and
7. Code of Ethics ethics relevant to IT auditors. Regulatory Complexities

7-8 Module 3. IT Governance 1. Describe IT governance and explain the significance Discussion on the [CP6] Listed and react to [PQ3]
and Strategy of aligning IT with business objectives. learning content the podcast: The Evolving Formative
1. IT Governance – 2. Describe relevant IT governance frameworks. Role of Technology Pre-quiz 3
Alignment of IT with 3. Explain the importance of implementing IT Governance
Business Objectives performance metrics within the organization, [QZ3]
2. IT Governance particularly, the IT Balanced Scorecard. Describe the Formative
Frameworks steps in building an IT Balanced Scorecard and Quiz 3
3. IT Performance illustrate supporting example.
Metrics 4. Discuss the importance of regulatory compliance
4. Regulatory Compliance and internal controls in organizations.
and Internal Controls 5. Define IT strategy and discuss the IT strategic plan,
5. IT Strategy and its significance in aligning business objectives
6. IT Steering Committee with IT.
7. Communication 6. Explain what an IT Steering Committee is and
8. Operational Planning describe its tasks in an organization.
7. Discuss the importance of effective communication
of the IT strategy to members of the organization.
8. Describe the operational governance processes and
how they control delivery of IT projects, while
aligning with business objectives.
9 Midterm Examination
10 Module 4. The IT Audit 1. Describe what audit universe is and illustrate Discussion on learning [CP7] Listen and react to [PQ4]
Process example. content the podcast: Creating Value Formative
 Time Learning Content Learning Outcomes Strategy / Methodology Student Output Evaluation /
Frame- / Activities Assessment
Week
1. Audit Universe 2. Define control objectives for information and related by Taking Risks and Pre-quiz 4
2. COBIT technology and explain why they are useful for Overcoming Fear of Failure
3. Risk Assessment organizations and auditors.
4. Audit Plan 3. Explain what a risk assessment is and its significance [CP8] Do the group [QZ4]
5. Audit Process to the audit function. Illustrate an example of a risk exercise: The IT Audit Formative
6. Other Types of IT Audit assessment following the National Institute of Process Quiz 4
Standards and Technology methodology.
4. Define the audit process and describe the phases of [CS1] Finish StellenTek Case
an IT audit engagement. Study
5. Discuss other types of audits conducted in IT.
11-12 Module 5. Tools and 1. Define auditor productivity tools and describe how Discussion on learning [CP8] Short Case – Change [PQ5]
Techniques Used in they assist the audit process. content Control Management Formative
Auditing IT 2. Describe techniques used to document application Process Pre-quiz 5
1. Audit Productivity systems, such as flowcharting, and how these Introduce TechWear
Tools techniques are developed to assist the audit process. Case Study and [CS2] Start TechWear [Q5]
2. System 3. Explain what Computer-Assisted Audit Techniques Resources Casestudy and watch Formative
Documentation (CAATs) are and describe the role they play in the related videos Quiz 5
Techniques to performance of audit work. Discuss and
Understand 4. Describe how CAATs are used to define sample size demonstrate usage of [CS3] Perform ACL
Application Systems and select the sample. ACL (Audit Command Exercises – ACL Data
3. Flowcharting 5. Describe the various CAATs used for reviewing Language) by Galvanize Analysis Project
4. CAATs applications, particularly, the audit command
5. Auditing Around the language (ACL) audit software.
Computer Versus 6. Describe CAATs used when auditing application
Auditing Through the controls.
Computer 7. Describe CAATs used in operational reviews.
6. Computer Forensics 8. Differentiate between “Auditing Around the
Tools Computer” and “Auditing Through the Computer.”
9. Describe computer forensics and sources to evaluate
computer forensic tools and techniques.
 Time Learning Content Learning Outcomes Strategy / Methodology Student Output Evaluation /
Frame- / Activities Assessment
Week
13-14 Module 6. Internal 1. Discuss what are information technology general Discussion on learning
Control Information controls (ITGCs) and why is it important and relevant content
Technology General to a business
Controls (ITCG) 2. Discuss the common ITGCs: manage access process,
1. Introduction to ITGCs manage program and system change process, and
2. ITGC Basics manage IT operations process
3. Evaluating ITGCs 3. Understand, for each of the three ITGC processes,
4. Audit response to the typical IT risk, typical ITGCs that address such
ineffective ITGC risks, typical testing of the ITGCs, and the typical IT-
substantive testing that an auditor might perform in
case ITGCs are not tested or are found to be
ineffective due to inadequate design or operation of
control.
4. Understand the importance of effective ITGC, and
the implications of ineffective ITGCs for audit and for
the audit opinion on internal control over financial
reporting
15-16 Module 7. Application 1. Discuss common risks associated with application Discussion on learning [CP9] Short Case – Input [PQ7]
Systems: Risks and systems. content Controls Formative
Controls 2. Discuss common risks associated with end-user Pre-quiz 7
1. Application System development application systems. Case-studies [CS2] Continue TechWear
Risks 3. Discuss risks to systems exchanging business Casestudy and watch
2. End-user Development information and describe common standards for related videos [Q7]
Application Risks their audit assessments. Formative
3. Risks to Systems 4. Describe Web applications, including best secure Quiz 7
Exchanging Electronic coding practices and common risks.
Business Information 5. Explain application controls and how they are used
4. Web Application Risks to safeguard the input, processing, and output of
5. Application Controls information.
6. IT Auditor’s 6. Discuss the IT auditor’s involvement in an
Involvements examination of application systems.
 Time Learning Content Learning Outcomes Strategy / Methodology Student Output Evaluation /
Frame- / Activities Assessment
Week
17 Module 8. Information 1. Describe the importance of information security to Discussion on learning [CP10] Short Case – [PQ8]
Security organizations, and how information represents a content Information Security Audit Formative
1. Information Security critical asset in today’s business organizations. Program Pre-quiz 7
2. Information Security in 2. Discuss recent technologies that are revolutionizing Case-studies
the Current IT organizations’ IT environments and the significance [CS2] Finish TechWear [QZ8]
Environment of implementing adequate security to protect the Casestudy and watch Formative
3. Information Security information. related videos Quiz 7
Threats and Risks 3. Discuss information security threats and risks, and
4. Information Security how they represent a constant challenge to
Standards information systems.
5. Information Security 4. Describe relevant information security standards and
Policy guidelines available for organizations and auditors.
6. Information Security 5. Explain what an information security policy is and
Roles and illustrate examples of its content.
Responsibilities 6. Discuss roles and responsibilities of various
7. Information Security information system groups within information
Controls security.
8. Selection and Testing 7. Explain what information security controls are, and
of Information Security their importance in safeguarding the information.
Controls 8. Describe the significance of selecting, implementing,
9. Involvement in an and testing information security controls.
Information Security 9. Describe audit involvement in an information
Audit security control examination and provide reference
information on tools and best practices to assist such
audits.
18 Final Examinations

INSTRUCTIONAL MATERIALS/ RESOURCES

1. Microsoft PowerPoint
2. CANVAS
3. Other Learning Management System (LMS) (e.g. Connect, Mindtap, etc.)
SUGGESTED READINGS AND REFERENCES
1. Otero, A. R. (2019). Information Technology Control and Audit, 5th Edition. CRC Press, Taylor & Francis Group. (Main Reference Text)
2. Cannon, D. (2016). CISA: Certified Information Systems Auditor Study Guide, Fourth Edition. Indianapolis, Indiana: John Wiley & Sons, Inc. .
3. Cascarino, R. E. (2012). Auditor's Guide to IT Auditing, Second Edition. Hoboken, New Jersey: John Wiley & Sons, Inc.
4. Davis, C., & Schiller, M. (2011). IT Auditing Using Controls to Protect Information Assets, Second Edition. McGraw-Hill Companies.
5. Hall, J. (2016). Information Technology Auditing, 4th Edition. South-Western Cengage Learning.
6. Hunton, J. E., Bryant, S. M., & Bagranoff, N. A. (2004). Core Concepts of Information Technology Auditing. John Wiley & Sons, Inc.

CLASSROOM POLICIES
It is the responsibility of the learner to come to each class prepared. He/she is also expected to take all examinations on the scheduled date. He/she should read the
assigned problems prior to class discussion. He/she is expected to attend each class and participate actively in the discussions.

FEU ACADEMIC DISHONESTY

All Research, Accounting, Auditing, Law and Taxation students are expected to be academically honest. Cheating, lying, and other forms of immoral and unethical behavior
will not be tolerated. Any student found guilty of cheating in examinations or plagiarizing in submitted course requirements will (at a minimum) receive a Failing Grade in the
course/subject. Cheating and Plagiarism refer to the use of unauthorized books, notes, securing help in a test, copying test, assignments, reports or term papers, collaborating
without authority with another student during an examination or in preparing academic work, signing another student’s name on an attendance sheet, representing the work
of another person as one’s own; and other activities manifesting the practice of scholastic dishonesty.

POLICY ON ABSENCES
The students are allowed only 20% of the total number of hours in a semester for absences. Hence, the allowed number of absences for a student enrolled in a 3-unit
subject or 6-unit subject is a maximum of six (6) absences during regular semester. Request for excused absences or waiver of absences must be presented prior to
occurrence of absence or immediately upon reporting back to class, whichever is applicable. Special examinations will be given only in special cases, such as prolonged
illness. It is the responsibility of the student to monitor his/her own tardy incidents and absences that might accumulate leading to the grade of 5.00 or F. It is also his/her
responsibility to consult with the concerned faculty member, program head, Dean should his/her case be of special nature.
Note: Always refer to the Student Handbook for academic policies.

POLICY ON NON-SOLICITATION OF FUNDS

All official fees of the University are collected through the Cash Department. Students should not pay any additional fees such as those for tickets, entrance fees,
transportation fees, hand-outs, readings, quizzes or tests to any faculty or staff member of the University.

POLICY ON STUDENT DATA PRIVACY ACT

In compliance with the Act and for ensuring highest level of data security and confidentiality in the access of student’s personal data/information, faculty members should
not allow the student to check other students’ test papers, assignments, seat work, announce the individual grades of the students before the class, disclose student
information, student records and other “student-generated content” in any media, and any other similar acts that will jeopardize the interest of an identified individual
student.

COURSE REQUIREMENTS
Assignments, Quizzes, Major Exams, Output Presentation

GRADING SYSTEM
Computation of Periodic Grades

I. Computation of 1st Preliminary Grade: Midterm Grade (MG)

Formative Assessment (FA)
Class Participation (Homework, Practice Tests, Recitation, Pre-test) 20%
Quizzes 30%
Summative Assessment (SA) - Major Departmental Exam 50%
1st PRELIMINARY GRADE 100%

II. Computation of 2nd Preliminary Grade

Formative Assessment (FA)
Class Participation (Homework, Practice Tests, Recitation, Pre-test ) 20%
Quizzes 30%
Summative Assessment (SA) – Major Departmental Exam 50%
2nd PRELIMINARY GRADE 100%
 III. FINAL GRADE = 1st PG (50%) + 2nd PG (50%)
TRANSMUTATION OF FINAL GRADE (FG)
FINALGRADE LETTER GRADE QUALITY POINT RANGE
92 – 100 A 4.0 3.80-4.0
85 – 91 B+ 3.5 3.30 – 3.79
78 – 84 B 3.0 2.80 – 3.29
71 – 77 C+ 2.5 2.30 – 2.79
64 – 70 C 2.0 1.80 – 2.29
57 – 63 D+ 1.5 1.30 – 1.79
50 – 58 D 1.0 1.0 – 1.29
F .99 and lower

IV. RETENTION GRADE - (QUALITY POINT AVERAGE (QPA) CUMULATIVE PER YEAR LEVEL
BACHELOR OF SCIENCE IN BACHELOR OF SCIENCE IN
ACCOUNTANCY INTERNAL AUDITING
YEAR LEVEL FAR EASTERN UNIVERSITY (BSA) (BSIA)
First Year 1.2 1.2 1.2
Second Year 1.5 1.6 1.5
Third Year 1.8 2.0 1.8
Fourth Year 2.0 2.4 2.0

DATE OF EFFECTIVITY: August 2021

Prepared By: Recommended by: Approved By:

REYMARK LAZO
JEROMY ORANGA RAMIL N. BALDRES EARL JOSEPH BORGOÑA
Instructor – Auditing in a CIS Environment Program Head – Accountancy & Internal Auditing OIC-Dean - IABF